Tuesday, March 1, 2022

Docker Image Vulnerability - docker scan plugin


Vulnerability scanning for Docker local images allows developers and development teams to review the security state of the container images and take actions to fix issues identified during the scan, resulting in more secure deployments.


Overview. CVE, short for Common Vulnerabilities and Exposures, is a list of publicly disclosed computer security flaws. When someone refers to a CVE, they mean a security flaw that's been assigned a CVE ID number. Security advisories issued by vendors and researchers almost always mention at least one CVE ID

Docker scan command

Docker Scan runs on Snyk engine, providing users with visibility into the security posture of their local Dockerfiles and local images.

 Scan Docker images to check the Vulnerability using docker scan

Step 1: Install docker scan plugin

mkdir -p ~/.docker/cli-plugins 

curl https://github.com/docker/scan-cli-plugin/releases/latest/download/docker-scan_linux_amd64 -L -s -S -o ~/.docker/cli-plugins/docker-scan 

chmod +x ~/.docker/cli-plugins/docker-scan

Step 2: Download hello-world image and scan the vulnerabilities

   docker pull hello-world

  docker scan hello-world

It will give the docker image vulnerabilities scan report on the basis of that you can decide to use this docker image or not.

Step 3: Lets scan docker image ramansharma95/webapp

    docker scan ramansharma95/webapp

It will return a report which shows the Low/Medium/High serverity issues.


Post a Comment